Unicode C
Unicode C
Add EncapsulatedTimestamp to Already-Signed XML
See more XML Digital Signatures Examples
Demonstrates how to add an EncapsulatedTimestamp to an existing XML signature.Note: This example requires Chilkat v9.5.0.90 or greater.
Chilkat Unicode C Downloads
#include <C_CkStringBuilderW.h>
#include <C_CkXmlDSigW.h>
#include <C_CkJsonObjectW.h>
void ChilkatSample(void)
{
BOOL success;
HCkStringBuilderW sbXml;
HCkXmlDSigW dsig;
HCkJsonObjectW json;
HCkStringBuilderW sbOut;
HCkXmlDSigW verifier;
int numSigs;
int verifyIdx;
BOOL verified;
success = FALSE;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// Note: We cannot load the already-signed XML into a Chilkat XML object because it would re-format the XML when re-emitted.
// (i.e. indentation and whitespace could change, and it would invalidate the existing signature.)
// We must use a StringBuilder.
sbXml = CkStringBuilderW_Create();
success = CkStringBuilderW_LoadFile(sbXml,L"qa_data/xml_dsig_valid_samples/encapsulatedTimestamp_not_yet_added.xml",L"utf-8");
if (success == FALSE) {
wprintf(L"Failed to load the XML file.\n");
CkStringBuilderW_Dispose(sbXml);
return;
}
dsig = CkXmlDSigW_Create();
success = CkXmlDSigW_LoadSignatureSb(dsig,sbXml);
if (success == FALSE) {
wprintf(L"%s\n",CkXmlDSigW_lastErrorText(dsig));
CkStringBuilderW_Dispose(sbXml);
CkXmlDSigW_Dispose(dsig);
return;
}
if (CkXmlDSigW_HasEncapsulatedTimeStamp(dsig) == TRUE) {
wprintf(L"This signed XML already has an EncapsulatedTimeStamp\n");
CkStringBuilderW_Dispose(sbXml);
CkXmlDSigW_Dispose(dsig);
return;
}
// Specify the timestamping authority URL
json = CkJsonObjectW_Create();
CkJsonObjectW_UpdateString(json,L"timestampToken.tsaUrl",L"http://timestamp.digicert.com");
CkJsonObjectW_UpdateBool(json,L"timestampToken.requestTsaCert",TRUE);
// Call AddEncapsulatedTimeStamp to add the EncapsulatedTimeStamp to the signature.
// Note: If the signed XML contains multiple signatures, the signature modified is the one
// indicated by the dsig.Selector property.
sbOut = CkStringBuilderW_Create();
success = CkXmlDSigW_AddEncapsulatedTimeStamp(dsig,json,sbOut);
if (success == FALSE) {
wprintf(L"%s\n",CkXmlDSigW_lastErrorText(dsig));
CkStringBuilderW_Dispose(sbXml);
CkXmlDSigW_Dispose(dsig);
CkJsonObjectW_Dispose(json);
CkStringBuilderW_Dispose(sbOut);
return;
}
CkStringBuilderW_WriteFile(sbOut,L"qa_output/addedEncapsulatedTimeStamp.xml",L"utf-8",FALSE);
// The EncapsulatedTimeStamp can be validated when validating the signature by adding the VerifyEncapsulatedTimeStamp
// keyword to UncommonOptions. See here:
// ----------------------------------------
// Verify the signatures we just produced...
verifier = CkXmlDSigW_Create();
success = CkXmlDSigW_LoadSignatureSb(verifier,sbOut);
if (success != TRUE) {
wprintf(L"%s\n",CkXmlDSigW_lastErrorText(verifier));
CkStringBuilderW_Dispose(sbXml);
CkXmlDSigW_Dispose(dsig);
CkJsonObjectW_Dispose(json);
CkStringBuilderW_Dispose(sbOut);
CkXmlDSigW_Dispose(verifier);
return;
}
// Add "VerifyEncapsulatedTimeStamp" to the UncommonOptions to also verify any EncapsulatedTimeStamps
CkXmlDSigW_putUncommonOptions(verifier,L"VerifyEncapsulatedTimeStamp");
numSigs = CkXmlDSigW_getNumSignatures(verifier);
verifyIdx = 0;
while (verifyIdx < numSigs) {
CkXmlDSigW_putSelector(verifier,verifyIdx);
verified = CkXmlDSigW_VerifySignature(verifier,TRUE);
if (verified != TRUE) {
wprintf(L"%s\n",CkXmlDSigW_lastErrorText(verifier));
CkStringBuilderW_Dispose(sbXml);
CkXmlDSigW_Dispose(dsig);
CkJsonObjectW_Dispose(json);
CkStringBuilderW_Dispose(sbOut);
CkXmlDSigW_Dispose(verifier);
return;
}
verifyIdx = verifyIdx + 1;
}
wprintf(L"All signatures were successfully verified.\n");
CkStringBuilderW_Dispose(sbXml);
CkXmlDSigW_Dispose(dsig);
CkJsonObjectW_Dispose(json);
CkStringBuilderW_Dispose(sbOut);
CkXmlDSigW_Dispose(verifier);
}